source of logs to be parsed

[bodik]

to switch from live log to offline file

defender/tools/windows/toolbox/eventlog-services.ps1

Line 15 in 923dbe3

$events = Get-WinEvent -FilterHashtable @{LogName="System"; ID=7030,7045} -Oldest

$events = Get-WinEvent -FilterHashtable @{Path="system.evtx";ID=7030,7045} -Oldest

[bodik]

• implemented for logon events by @apadrta in Exported evtx file can be parsed #8